Planning to launch my second Forum in XenForo (Hello Cloud!) - Some Security and Privacy Questions

deslocotoco

Well-known member
Quick disclaimer: If XF Team prefer to discuss this in private, please delete the thread and contact me via PM to go on.

Hello my dears members of this great community,

Since the relative success of my first Forum, i started another small enterprise that will be, for sure, based on XenForo (probably going XF Cloud if possible 😀).

I'm still on the early stages of planning, implementing, calculating operational costs and this kind of stuff.

Since my new site is going to be for internal use in my office (lawyer office, btw), I'm going to use XF as communication system. Because the theme, subjects, client data and files is very sensitive, I'm here to ask about the security and privacy if i use XF.

I already known that XF have very good and granular permissions tool, even setting as a private Forum, and option to need login to give full access, right?

But this is enough? This forms of 'protection' can turn my Forum as a totally private for public (or, not authorized people to enter and see the content)?

If not, i would like a quote on that, on what i have to do to well, become "full private".

I don't want to see my cases roaming around the internet because some leaking of data because the login won't handled the public view.

Note: i don't want to use any other system. Have to be in a Forum and XenForo.

That's it.

Thanks!
 

Mr Lucky

Well-known member
But this is enough?
I assume it is enough in that xenForo permission system itself is secure enough . I would insist on two factor and strong passwords. You could even get a password protection on the directory on the server for belt and braces.

And of course noindex all the forums, but bots should not get there anyway if no access for guests
 

deslocotoco

Well-known member
The main view permission will prevent unregistered visitors from accessing any content.

So that's i was hoping to read. Thanks Brogan.

I assume it is enough in that xenForo permission system itself is secure enough . I would insist on two factor and strong passwords. You could even get a password protection on the directory on the server for belt and braces.

And of course noindex all the forums, but bots should not get there anyway if no access for guests

Basically, my check list for a totally ultra giga private only access XF Forum would be:
  • Disable guests access by revoking the main view permission;
  • Block any bots and crawlers (robots.txt maybe?) and noindex, of course;
  • Disable registration, for manual profile creation user by user;
  • A lot of attention on setting the permissions system;
  • Impose mandatory lockdown (ops, COVID-19 feelings) strong password with two factor auth;

Any more follow ups and tips on that matter or that's fine?
 
Top